VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-q9tc-tekx-aaae

Essentials
Severities (81)
References (7)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-q9tc-tekx-aaae
Aliases	CVE-2024-22860
Summary	Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.01858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0222	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.02792	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
epss	0.0858	https://api.first.org/data/v1/epss?cve=CVE-2024-22860
cvssv3.1	9.8	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991
ssvc	Track	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991
cvssv3.1	6.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5
ssvc	Track	https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2024-22860
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2024-22860

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-22860
		https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22860
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5
cpe:2.3:a:ffmpeg:ffmpeg::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg::::::::
CVE-2024-22860		https://nvd.nist.gov/vuln/detail/CVE-2024-22860

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T18:49:17Z/ Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T18:49:17Z/ Found at https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-22860

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-22860

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.57960
EPSS Score	0.00196
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-27T08:15:13.710066+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-22860	34.0.0rc2